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Amendments to the Claims 
Please cancel claims 13-15, 33-35, and 53-55 and amend claims 1-6, 8, 10-12, 16, 21-26, 
28, 30-32, 36, 41-46, 48, 50-52, and 56 as follows: 

1 . (Cuirently Amended) A computer-implemented method for virtualizing super- 
tiser privileges in a computer operating system including multiple virtunl processes virtual 
private servers, the method comprising: 

d e signating a virtual sup e r us e r, th e virtual gupor UGor being associated \vith - a virtual 
process, wherein the virtual proc e ss is a pIuroliT> " o f ac t ual proc e ss e s; 

associating a user with a virtual private server, the virtual private server comprising a 
plurality of actual processes; 

designating the user as a virmal super-user: 

intercepting a system call , made bv the user, for which actual super-user privileges are 
required; and 

in response to the intercepted system call boing mad e by th e virtual supor - user and 

pertaining to the virtual process of tito virtual oup e r us e r virtual private server 
associated with the user : 

granting actual super-user privileges to the vktual super user user : and 
allowing execution of the system call. 

2. (Currently Amended) The method of claim 1 , further comprising: 
withdravsing the actual super-user privileges from the \irtual siipor ubqt user after 

execution of the system call. 
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3 . (Cuirently Amended) The method of claim 1 , wherein designating comprises: 
assigning a virtual super-user identifier to the virtual super us e r user , 

4. (Currently Amended) The method of claim 3, wheiein the virtual super-user 
identifier comprises a super-user identifier and an indication of the virtual proc e ss virtual private 
server , 

5. (Currently Amended) The method of claim 1 , wherein designating comprises: 
assigning a user identifier to the \dTtual super us e r user; and 

storing the user identifier and an indication of the virtual pro eegg virtual private server of 
the virtual sup e r xiser user in a virtual super-user list. 

6. (Currently Amended) The method of claim 1 , wherein granting comprises: 
assigning a super-user identifier to the virtual sup e r - user user . 

7. (Original) The method of claim 1, wherein the intercepted system call comprises a 
system call for accessing a file. 

8. (Currently Amended) The method of claim 7, wherein the intercepted system call 
pertains to the \Titual process of th e virtual sup e r us er virtual private server associated with the 
user when the file to be accessed is associated with the virtual pro eess virtual private server . 
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9. (Original) The method of claim 1, wherein the intercepted system call comprises a 
system call for terminating a process. 

1 0. (Cnirenily Amended) The method of claim 9, wherein the intercepted system call 
pertains to the virtual procoGG of tho virtual super - us e r virtual private server associated with the 
user when the process to be terminated is associated with the virtual proc e ss virtual private 
server , 

1 1 . (Currently Amended) The method of claim 1, wherein the intercepted system call 
comprises a system call for terminating all processes associated with the v ii - tfual - prooess virtual 
private server, the method further comprising: 

identifying each process associated with the virtual process virtual private server; and 
terminating each identified process. 

12. (Currently Amended) The method of claim 1 1, wherein a data structure stores 
associations between processes and virtual proc e sses virtual private serv_ers, and wherein 
identifyii^ comprises; 

identifying each process by its association with the virtual proc e ss virtual pri vate server in 
the data structure. 

13. -15. (Cancelled) 

16. (Currently Amended) The method of claim 1, further comprising: 
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responsive to fhe intercepted system call b e ing made by the virtaal mpor UGor and not 
pertaining to the -virtual procoss of tho virtual auper U5cr virtual private server 
associated with the user , disallowing execution of the system call. 

17, (Original) The method of claim 1, fmther comprising: 

responsive to the intercepted system call comprising a system call for inserting a module 
into an operating system kernel, disallowing execution of the system call. 

18, (Original) The method of claim 1, wherein allowing comprises: 
executing the system calL 

19, (Previously Presented) The method of claim 1, wherein intercepting the system call 

comprises: 
loading a system call wrapper; 
saving a pointer to the system call; and 

replacing the pointer to the system call with a pointer to the system call wrapper, such 
that the system call wrapper is executed when the system call is mvoked. 

20, (Original) The method of claim 19, wherein the pointer to the first system call 
comprises a system call vector. 
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2 1 . (Currently Amended) A computer program product for virtualizing super-user 
privileges in a compxiter operating system including multiple \irtual process e s virtual tarivate 
servers, the computer program product comprising: 

program code for doaignating a virtual super - user, th e virtual sup e r user b e ing oijsooiated 
with g virtual procoGS, wherein th e virtual process is a pluraliT}^ of actnn l 
procossc D ; 

program code for associating a user vvith a virtual private server, the virtual private server 

comprising a plurality of acmal processes: 
program code for designating the user as a virtual super-user: 

program code for intercepting a system call , made bv the user, for which actual super-user 
privileges are required; and 

program code for determining that the intercepted system call was mad e by th e virtea t- 
Gupor user and p ertains to the virtual process of the virtual super user; A^rtual 
private server associated with the user, granting actual super-xiser privileges to the 
v^Ftuol super uson tiser. and allowing execxxtion of the system call. 



22. (Currently Amended) The computer program product of claim 2 1 , further 

comprising: 

program code for withdrawing the actual super-user privileges ftom the virtual super-us e^ 
user after execution of the system calL 

23. (Currently Amended) The computer program product of claim 21, wherein 
program code for designating comprises: 
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program code for assigning a virtual super-user identifier to the wtuol sup e^^^as^ usgr- 

24. (Cuirently Amended) The computer program product of claim 23, wherein the 
virtual super-user identifier comprises a super-user identifier and an indication of ihe virtual 
^^fiM^^^ virtn::il priv ate server . 

25 . (Currently Amended) The computer program product of claim 2 1 , wherein 
program code for designating comprises: 

program code for assigning a user identifier to the virtual super us e r user : and 
program code for storing the user identifier and an indication of the ^drtual pre eess virtual 
private server of the virmal gupcr us e r user in a virtual super-user list 

26. (Currently Amended) The computer program product of claim 21, wherein 
program code for granting comprises: 

program code for assigning a super-user identifier to the vi rtual sup e r - us e r user. 

27. (Original) The computer program product of claim 21, v^*ierein the intercepted 
system call comprises a system call for accessing a file. 

28. (Currently Amended) The computer program product of claim 27, wherein the 
intercepted system call pertains to the v irtual proc e ss of th e virtual sup e r - uEy ^ virtual private 
server associated with the user when the file to be accessed is associated with the virtual proc e ss 
virtual private server . 
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29. (Original) The computer program product of claim 21, A^^ereia the intercepted 
system call comprises a system call for terminating a process, 

30. (Currently Amended) The computer program product of claim 29, vyherein the 
intercepted system call pertains to the \iTtual procoG G of the virtual super - us e r virtual private 
server associated with the tiser when the process to be terminated is associated with the y iftuol 
proocGS virtual private server . 

3 1 . (Currently Amended) The computer program product of claim 21 , wherein the 
intercepted system call comprises a system call for terminating all processes associated with the 
virtual proc e ss virtual private server, the computer program product further comprising: 

program code for identifying each process associated with the virtual prooco s virtual 

private server: and 
program code for terminating each identified process. 

32. (Currently Amended) The computer program product of claim 3 1 , herein an 
association data structure stores associations between processes and v - irtual processes virtuaL 
private servers, and wherein program code for identifying comprises: 

program code for identifying each process by its association with the virtual pro eess 
virtual private server in the association data structure. 

33. -35. (Cancelled) 
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36. (Currently Amended) The computer program product of claim 21, further 

comprising: 

progr^ code for disallowing execution of the system call in response to the intercepted 
system call boing mnde by th e virtual aupcr - uscr ixnd not pertaining to the virtual 
prQCQCG of the \artiml sapor user virtual private server associated with the user . 

37. (Original) The computer program product of claim 21, further comprising: 
program code for disallowing execution of the system call in response to the intercepted 

system call comprising a system call for inserting a module into an operating 
system kernel. 

38. (Original) The computer program product of claim 21 , wherein program code for 
allowing comprises: 

program code for executing the system call. 

39. (Previously Presented) The computer program product of claim 21 ^ wherein 
program code for intercepting the system call comprises: 

program code for loading a system call wrapper; 
program code for saving a pointer to the system call; emd 

program code for replacing the pointer to the system call with a pointer to the system call 
wrapper, such that the system call wrapper is executed when the system call is 
invoked. 

9 21816/04953/DOCS/1546684.1 

PAGE 11/1 7 ' RCVD AT m05 4:54:26 PM [Eastern D^^^^ 



AUG-04-05 01:55PM FROM-Fenwick & West Mountain View 



650 936 5200 



T-297 P. 012/017 F-459 



40. (Previously Presented) The computer program product of claim 39, wherein the 
pointer to the first system call comprises a system call vector. 

4 1 . (Currently Amended) A system for virtualizing super-user privileges in a 
computer operating system including multiple ^drtual procoss e fl virtual private servers, the system 
comprising: 

a virtual cupcr - user d e signation module for d e signating a virtual sup e r usor, the virtual 

super - us e r b e ing aflaooiatcd with a viitual - proocsa, wherein tho virtual process i$ a 
plurolit)^ of actual processes; and 

a virtual super-user designation module for associating a user with a virtual private 

server, the virtual private server comprising a plurality of actual processes, and for 
designating the user as a virmal super-user: 

a system call wrapper for intercepting a system call , made by the user, for which actual 
super-user privileges are required and, in response to the intercepted system call 
being mode by th e virtual supor user and pertaining to the virtual proc e ss of th e- 
\Trtual sup etHis^ virtual private server associated with the user, granting actual 
super-user privileges to the virtual super us e r user and allowing execution of the 
system calL 

42. (Currently Amended) The system of claim 41 , wherein the system call wrapper is 
further configured to withdraw the actual super-user privileges fi:om the virtual super - user user 
after execution of the system call. 
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43 , (Cuirently Amended) The system of claim 4 1 , wherein the virtual super-user 
designation module is further configured to assign a virtual super-user identifier to the ^w^teat 



44. (Currently Amended) The system of claim 43, wherein the virtual super-user 
identifier comprises a super-user identifier and an indication of the vimial process vhtual nrivate 
server . 

45. (Currently Amended) The system of claim 41, wherein the virtual super-user 
designation module is further configured to assign a user identifier to the virmal super user user 
and store the user identifier and an indication of the \aTtuaI procoss of th e virtual sup e r us e r 
virtual private server associated with the user in a virtual super-tJSer list. 

46. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
fijnher configured to assign a super-user identifier to the virtuiil sup er^asef user , 

47- (Original) The system of claim 41, wherein the intercepted system call comprises a 
system call for accessing a file, 

48. (Currently Amended) The system of claim 47, wherein the intercepted system call 
pertains to the virtual p roocss of th e virtual super ur; ef virtual private server associated v^ith the 
user when the file to be accessed is associated with the virtual pro cess virtual private server . 
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49. (Ori^al) The system of claim 41, wherein the intercepted system call comprises a 
system call for tenninating a process. 

50. (Oirrently Amended) The system of claim 49, wherein the intercepted system call 
pertains to the virtual piocooa of th e virtual supo r user virtual private server as sociated with the 

4 

user when the process to be tenninated is associated with the vutuol proc e ss virtual private 
server . 

5 L (Currently Amended) The system of claim 4 1 , wherein the intercepted system call 
comprises a system call for terminating all processes associated with the virtual pro eess virtual 
private server, and wherein the system call wrapper is ftirther configured to identify each process 
associated with the virtual pro cess virtual private server and terminate each identified process. 

52. (Currently Amended) The system of claim 5 1 , further comprising: 

an association data structure for storing associations between processes and virtual - 
proccsseij virtual private servers , wherein the system call wrapper is further 
configured to identify each process by its association with the virtual proc e ss 
virtual private server in the association data structure. 

53. -55- (Cancelled) 
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56. (Cuirently Amended) The system of claim 41, v^erein the system call vvrapper is 
further configured to disallow execution of the intercepted system call in response to the 
intercepted system call being mctdo by th e vtrtuol super uso r and not pertaining to the virte al- 
prnoonn of th e \ditual isup ep-Hfief virtual private server associated with the user . 

57. (Original) The system of claim 41, wherein the system call wmpper is further 
configured to disallow execution of the intercepted system call in response to the intercepted 
system call comprising a system call for inserting a module into an operating system kernel. 

58. (Original) The system of claim 41, wherein the system call wrapper is further 
configured to execute the system calL 
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